
5 matches found

Chainguard
added 2025/09/10 7:17 p.m. | 24 views

CVE-2025-54572 vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce...

6.9 CVSS | 7.1 AI score | 0.00581 EPSS
Exploits: 0
Debian
added 2025/09/01 9:8 a.m. | 5 views

[SECURITY] [DLA 4288-1] ruby-saml security update

Debian LTS Advisory DLA-4288-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk September 01, 2025 https://wiki.debian.org/LTS ...

6.9 CVSS | 6.5 AI score | 0.00581 EPSS
Exploits: 0
Tenable Nessus
added 2025/09/01 12:0 a.m. | 6 views

Debian dla-4288 : ruby-saml - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4288 advisory. Debian LTS Advisory DLA-4288-1 [email protected] https://www.debian.org/lts/security/...

6.9 CVSS | 7.5 AI score | 0.00581 EPSS
Exploits: 0 | References: 4
CVE
added 2025/07/30 2:5 p.m. | 72 views

CVE-2025-54572

CVE-2025-54572 is a DoS in the Ruby SAML library used for SAML client-side assertions. The initial description states affected versions are ≤1.18.0 with a fix in 1.18.1. A Debian LTS advisory confirms a patch and provides a Debian-specific fix version (1.11.0-1+deb11u3) and recommends upgrading t...

6.9 CVSS | 6.3 AI score | 0.00581 EPSS
Exploits: 0 | References: 5
Cvelist
added 2025/07/30 2:5 p.m. | 12 views

CVE-2025-54572 Ruby SAML DOS vulnerability with large SAML response

The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the message_max_bytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...

6.9 CVSS | 0.00581 EPSS
Exploits: 0 | References: 4